﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Net;

namespace Adams.Public.Api
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
    public sealed class EnsureHttpsAttribute : FilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (Shared.Config.GetAppSetting("EnforceSSL").ToBool())
            {
                if (!filterContext.HttpContext.Request.IsSecureConnection)
                {
                    throw new HttpException((int)HttpStatusCode.Forbidden, "You must use https to access the api.");
                }
            }
        }
    }
}